Ready or not, GDPR is round the corner.
Another year has passed with a collection of massive data breaches. The year 2015 had some massive violations. However, 2016 has proved to be worst year, with two of the largest data breaches in the history of mankind. Besides the massive hack at the Democratic National Committee with significant global political implications and a continued onslaught of breaches from healthcare, to point pf sale technology.
When IT companies like Hewlett-Packard, Verizon, Myspace, Oracle micros and Yahoo (tops the list with breach affecting 500 million users) are unable to protect themselves against data breach default, we all need to get our data compliance in line.
Data and legal obligations
With an increasing number of companies at risk of data breaches, compliance with data protection legislation is a growing issue. Companies should ensure that they are aware of the potential consequences for non-compliance, especially regarding the new EU General Data Protection Regulation (GDPR). http://www.copenhagencompliance.com/gdpr/
At the initial GDPR workshop the organisation must address the following issues:
- What are the regulations governing the treatment of EU citizens' data when held outside the EU
- How to implement the 'right to be forgotten', i.e. for an individual to have information about them removed from search engines' results
- What does the right to data portability involve and mean? (a person can move their data from one processing system to another)
- How will you communicate the new guidelines on active consent
- What are the consequences of regulations that govern international transfers of data
- How can non-EU companies appoint a representative within the EU to hold responsibility for their data compliance
Based on the performance of the above issues the Project Manager must make a plan of action and decisions on the preliminary steps to be compliant on a timely basis:
- Appoint a data protection officer. The role and responsibility for the DPO are to oversee the transition to the GDPR. At the course, we will provide advice on legal and technical aspects of GDPR compliance.
- Addressing the breach notification processes to ensure the relevant data protection authority is notified in due course.
- Review internal and external global data flows; Including those belonging to third-party companies; Companies need to make sure that all EU data is treated in line with the GDPR, no matter where it is stored, or third party transfer.
- Create an IT and data compliance strategy for the 'right to be forgotten'; that covers all data collected by the company by any method, and the proper treatment and secure storage of that data.
- Review your data processing activities to identify the basis of compliance with the GDPR.
- Examine the basis of consent, to bring, seek and verify customers’ and clients’ consent in line with the GDPR mandates.
A holistic Data and GDPR strategy
We will during the whole day course review the critical components of the GDPR mandates to ensure full compliance. If companies fail to comply, be prepared to face fines of up to EUR 20m or 4% of annual turnover. How to assess that all data flows within the company, including the transatlantic data streams. Examine data processing, including the issue of active consent. Inspect current requirements for reporting data breaches. Moreover, finally how to consult legal and technical specialists to prepare for any transition period before the GDPR’s full implementation.
If you fall victim to a data breach as some of the companies mentioned above have, it must be reported to the relevant regulatory authority. In some case, the company may be needed to provide guarantees of wider compliance with the GDPR. In that situation be prepared for additional reputational, administrative and financial burdens including a lengthy declaration processes.
Participate in the next GDPR implementation course in Copenhagen on February 9th, 2017 to review the above and precise requirements of the GDPR implementation. Get in the line to be fully prepared for the GDPR’s implementation in spring 2018. http://www.copenhagencompliance.com/gdpr/